image-creator
Warn
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill (SKILL.md) requires the agent to execute shell commands to manage a background Python HTTP server and terminate it using 'pkill'. The instruction to replace placeholders with absolute paths in a shell command string introduces a risk of command injection if the paths are not properly validated.
- [DATA_EXFILTRATION]: The use of 'python -m http.server' without a specified bind address (e.g., -b 127.0.0.1) potentially exposes the contents of the 'OUTPUT_DIR' to any device on the local network. Additionally, rendering arbitrary HTML with Playwright provides a vector for reading local system files (via file:// URIs) which would be captured in the resulting screenshot.
- [PROMPT_INJECTION]: The skill processes HTML and CSS content which may include untrusted data from external sources (SKILL.md). It lacks explicit boundary markers or sanitization instructions to prevent malicious code from executing within the browser context or influencing the rendered output, while granting the agent significant capabilities like browser navigation and shell execution.
Audit Metadata